8e1fb58763
The user properties (login, real name, etc) where not properly escaped in the user manager's edit form. This allowed a XSS attack on the superuser by registered users. Thanks to Filippo Cavallarin from www.segment.technology for discovering this bug. |
||
---|---|---|
.. | ||
exe | ||
images | ||
plugins | ||
scripts | ||
styles | ||
tpl | ||
index.html |